Planning for MBAM 2.0 Server Deployment
The Microsoft BitLocker Administration and Monitoring (MBAM) server infrastructure depends on a set of server features that can be installed on one or more server computers, based on the requirements of the enterprise. If you are installing Microsoft BitLocker Administration and Monitoring with the Configuration Manager topology, see Planning to Deploy MBAM with Configuration Manager.
Note Installations of Microsoft BitLocker Administration and Monitoring on a single server are recommended only for test environments.
Planning for MBAM Server Deployment
The infrastructure for an MBAM Server deployment includes the following features:
Recovery Database
Compliance and Audit Database
Compliance and Audit Reports
Self-Service Portal
Administration and Monitoring Server
MBAM Group Policy Template
MBAM Server databases and features can be installed in different configurations, depending on your scalability requirements. All MBAM Server features can be installed on a single server or distributed across multiple servers. We recommend that you use a two-server configuration for production environments, although configurations of two to four servers can also be used, depending on your computing requirements.
Each MBAM feature has specific prerequisites. For a full list of server feature prerequisites and hardware and software requirements, see MBAM 2.0 Deployment Prerequisites and MBAM 2.0 Supported Configurations.
In addition to the server-related MBAM features, the Server Setup application includes an MBAM Group Policy template. The template contains Group Policy Object (GPO) settings that you configure to manage BitLocker Drive Encryption in the enterprise. You can install this template on any computer that can run the Group Policy Management Console (GPMC) or Advanced Group Policy Management (AGPM).
As you plan the MBAM Server deployment, consider that BitLocker recovery keys in MBAM are intended for single use only, after which recovery keys expire. In order for the keys to expire after use, they must be retrieved through the Help Desk Portal or the Self-Service Portal.
Order of Deployment of MBAM Server Features
To deploy MBAM features on multiple servers, you have to install the features in the following order:
Recovery Database
Compliance and Audit Database
Compliance Audit and Reports
Self-Service Portal
Administration and Monitoring Server
MBAM Group Policy Template
Note Keep track of the names of the computers on which you install each feature. You have to use this information throughout the installation process. You can print and use a deployment checklist to assist in this effort. For more information about the MBAM Deployment Checklist, see MBAM 2.0 Deployment Checklist.